In December 2021, the U.S. Transportation Security Administration deployed a Security Directive that shined a spotlight on rail cybersecurity following a series of global cyberattacks that occurred at the New York Metropolitan Transportation Authority, Class I CSX and short-line operator OmniTRAX, as well as several rail companies around the globe.
The TSA regulations took effect December 31, and rail operators across the U.S. are facing looming deadlines. But achieving compliance across the four required TSA mandates isn’t a quick fix, and the regulations spark additional questions: Why is the federal government rapidly getting involved in rail cybersecurity? What kind of cyberattacks are now targeting rail systems and rolling stock, and what’s next? Are rail cybersecurity measures in place sufficient to fend off sophisticated attacks? Are existing rail technology platforms such as PTC and onboard/wayside fault detection and health monitoring capable of supporting cybersecurity measures? Railway Age Editor in Chief William C. Vantuono discusses these topics withrail cybersecurity expert Josh Lospinoso, CEO and co-founder of podcast sponsor Shift5.